Back

Security Advisory — Arbitrary Physical Memory Access Vulnerability in GIGABYTE Control Center - MyPortIO Driver

CVE-2026-9492
Jul 13, 2026

GIGABYTE Technology Co., Ltd. acknowledges a recently identified security vulnerability (CVE-2026-9492) in the MyPortIO_x64.sys driver, a component of the GIGABYTE Control Center (GCC) software used for RGB lighting control of specific DRAM products. We are committed to providing secure and reliable products and have actively addressed this issue to protect our customers.

 

Vulnerability Details

CVE Identifier: CVE-2026-9492

CVSS Score: 7.8 (High) 3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vulnerability Type: CWE-782: Exposed IOCTL with Insufficient Access Control.

Root Cause: The vulnerability exists in the driver's IOCTL interface, where insufficient access control allows authenticated local attackers to perform arbitrary read and write operations on physical memory through specific IOCTL commands.

 

Attack Scenario

An authenticated local attacker can interact with the MyPortIO_x64.sys driver by sending specially crafted IOCTL requests. By exploiting this flaw, the attacker can bypass operating system memory protections and obtain kernel-level privileges.

 

Potential Impact

This vulnerability allows a local malicious actor to elevate privileges to the kernel level (Ring 0), potentially leading to Local Privilege Escalation (LPE) and complete system compromise.

 

Affected Products and Software

Product Name: GIGABYTE Control Center (GCC) - DRAM Lighting Control.

Affected Components: MyPortIO_x64.sys driver.

Affected Versions:

Versions prior to MBStorage_26.02.10.01.exe.

 

Resolution and Recommended Actions

GIGABYTE has released a software update to rectify the driver's access control mechanism. The updated driver implements strict boundary checks and a whitelist for IOCTL requests, restricting access exclusively to necessary SMBus address ranges for Intel and AMD platforms.

 

Mitigation Version: MBStorage_26.06.03.01 or later.

 

Recommended Action: Customers using the affected DRAM products are strongly advised to upgrade to the latest GCC version immediately.

Download Instructions: Please navigate to the Support section of the relevant product page or update via GCC LiveUpdate to download the latest software.

 

Acknowledgement

We extend our sincere gratitude to Franco Aleksandras Longo for discovering and responsibly reporting this vulnerability. His collaboration has been invaluable in developing a swift and effective response.